Gateway web server flaws exposed

Didn't have the latest security patches

Common Topics

Web servers at Gateway have been defaced in an attack that calls into question the security practices of the direct sales PC vendor.

Pages on Gateway's site, which normally carry pages on job advertisements and career opportunities, were replaced by a profane message from The-Rev of cracker group the "sm0ked crew". The defacement is mirrored on Attrition and can be seen here.

In common with many sites successfully attacked by crackers in recent months Gateway's site, www.gateway.com, runs Microsoft's IIS4 Web server on a NT4 platform

Paul Rogers, a network security analyst at MIS Corporate Defence, said responses from Gateway's web servers showed predictable TCP sequence numbers, indicating that administrators have not followed best practice and applied the latest Microsoft service packs.

"It's highly unlikely that the predictable TCP sequence number was used to gain access to these servers - there are much easier ways," said Rogers. "What it does show, however, is that Gateway's servers are not secured or patched up to the highest level." ®